[TryHackMe] Searchlight - IMINT
Table of contents
Hello leet h4xxors, today I'm writing the first write-up of the serie. 😁
Task 1 : Welcome to the Searchlight IMINT room
"In this room we will be exploring the discipline of IMINT/GEOINT, which is short for Image intelligence and geospatial intelligence. This room is suited for those of you who are just beginning your OSINT journey or those brand new to the field of IMINT/GEOINT."
Question : Did you understand the flag format?
Answer : sl{ready}
Task 2 : Your first challenge!
Question :What is the name of the street where this image was taken?
Here we have a crucial information which is the street "Welcome to Carnaby Street". So the answer is pretty easy.
Answer : sl{carnaby street}
Task 3 : Just Google it!
Question 1 : Which city is the tube station located in ?
At the foreground, we have the "Underground". It's pretty trivial to know that is from London however, if we don't know about this. We can just google it.
Answer : sl{london}
Question 2 : Which tube station do these stairs lead to?
The name of the tube station is written just here. We can see "...LY CIRCUS ST..."
Even if we cannot determine the entire name of the station, we can google something like "underground circus station".
We can look at for "Piccadilly Circus tube station" on Google Images, to be sure.
Yep, this is the same place.
Anwser : sl{picadilly circus}
Question 3 : Which year did this station open?
While Wikipedia may not be the most reliable source, it can still provide basic answers. The first line of the history section in the Piccadilly Circus tube station article gives us the answer.
Answer : sl{1906}
Question 4 : How many platforms are there in this station?
Same as the previous question, the answer is on Wikipedia.
Answer : sl{4}
Task 4 : Keep at it!
Question 1 : Which building is this photo taken in ?
For this task, we need to focus on the sign in the background. We have two pieces of information that can help us answer the first question :
YVR CONNECTS
yvr.ca
Let's search for the first info.
So this is an airport.
Answer : sl{Vancouver International Airport}
Question 2 : Which country is this building located in ?
Just like the questions about Piccadilly Circus train station, everything is on its Wikipedia article.
Answer : sl{Canada}
Question 3 : Which city is this building located in?
Answer : sl{Richmond}
Task 5 : Coffee and a light lunch
"A friend of mine contacted me asking if I could help them locate a coffee shop that is supposed to serve the best lunch there is. They told me the coffee shop is somewhere in Scotland, and he sent me these two pictures. Do you think you could locate it and answer the questions below for me?"
Now we are going to delve deeper into the analytical aspects. You will need to think more.
Question 1 : Which city is this coffee shop located in ?
First of all, we know that the coffee shop is somewhere in Scotland, which narrows down our search.
From the second photo, two things stand out :
First, the store "The Edinburgh Woolen M..."
Then, the street is on a slope
Let's look up the store on Google Maps; this will help us find the location of the coffee shop.
As wee can see, there are several TEWM store in Scotland. As there are less than 15 stores (at the first look) we can look at all of them, one by one.
There is one that caught my eye. The street is on a slope. If we look at it with street view, we can see the same blue sign that we can see in the photo sent. So we are sure we are at the right place.
Now we have to look around. We see that :
We found our coffee shop !
Answer : sl{Blairgowrie}
Question 2 : Which street is this coffee shop located in ?
This is on the previous photo, Allan Street.
Answer : sl{Allan Street}
Question 3 : What is their phone number?
By a simple Google search, we can find the Wee Coffee Shop's Facebook Page.
Answer : sl{+447878839128}
Question 4 : What is their email address?
Answer : sl{theweecoffeeshop@aol.com}
Question 5 : What is the surname of the owners ?
Answer : sl{Cochrane}
Task 6 : Reverse your thinking
"One of the methods for geolocating an image is to do an image reverse search. This means that we are searching for the image itself online, and if the image has been indexed by search engines we may find the exact image or we can do a visual search or crop search to help us find similar images."
Now we've learned a new technique, which is the image reverse search. We could have just used this technique to find the wee coffee shop. But, you know, from a beginner's point of view, we have to move step by step.
Question 1 : Which restaurant was this picture taken at?
We found the original picture on TripAdvisor.
Answer : sl{kat's deli}
Question 2 : What is the name of the Bon Appétit editor that worked 24 hours at this restaurant?
By searching the name of the restaurant and "Bon appétit," we found a YouTube video and an article :
The answer can be found in both.
Answer : sl{Andrew Knowlton}
Task 7 : Locate this sculpture
Ok, this one can be a little bit annoying if you get into a rabbit hole but check this out.
First, we are going to do an image reverse search. Not on Google this time but on Bing. Look at what we found on the first page.
We found the first answer.
Answer : sl{Rudolph the Chrome Nosed Reindeer}
Question 2 : Who took this image
In the previous screenshot, we can see that this sculpture is in Oslo, Norway.
When we are looking for the exact location of the sculpture, we find this website, Visit Oslo.
On this website, there is a map with all of the bronze sculpture in Oslo, including the one we are looking for.
Click on every pin on the map to search for the Chrome Nosed Reindeer.
The photographer is mentioned here.
Answer : sl{Kjersti Stensrud}
Task 8 : ...and justice for all
This one is by far the most annoying if you don't know where to look.
First, let's do a reverse search.
Question 1 : What is the name of the character that the statue depicts ?
If you do a reverse search on Google, the articles on the right are not about the statue itself. It's used for illustration purposes.
What I like to do in such cases is to find the same photo but with different angles.
If we look at the second one, we stumble upon this art archive site.
This lead us to two things. What the statue depicts and the exact location.
"The statue depicts the traditional "Blind Justice," holding the scales of justice in each hand."
With a simple Google search, we can find the name of the character.
There is another way to find the name of the character, by doing the reverse search on Bing. This was far easier, and I know most of you didn't do it. Now you know that it's important to try to use different tools.
Answer : sl{Lady Justice}
Question 2 : Where is this statue located?
We already have the location.
Answer : sl{Alexandria, Virginia}
Question 3 : What is the name of the building opposite from this statue ?
Let's explore the opposite direction.
Answer : sl{The Westin Alexandria Old Town}
Task 9 : The view from my hotel room
You've made your way to the last task, know you need to analyze the video.
Question : What is the name of the hotel that my friend stayed in a few years ago ?
To analyze the video you can either use FFMPEG to watch it frame per frame or you can just pause the video every time you need to look at something.
To find the hotel, I looked at this :
It says "Riverside Point". Another clue, another Google search :
This is the same place.
With Google Maps we can also see the watercourse that we can see in the video.
To find the hotel we can think about few things :
The distance between Riverside Point and the hotel : Not very far.
The color of the hotel : Orange
What we can see from the Riverside Point POV :
We can see the Clarke Quay Central, from the hotel POV. And from the Clarke Quay Central, the hotel is straight ahead.
We notice this orange building.
The building have been destroyed, so we can use the street view from 2019. This is a Novotel building.
Now with a search like "Novotel Clarke Quay" we find this :
This is our answer !
Answer : sl{Novotel Singapore Clarke Quay
Conclusion
Bravo, you've succeeded in this challenge. Don't hesitate to follow me on Instagram : h0neyp0t.sec
Don't settle for null, strive for #0...
h0neyp0t.
Subscribe to my newsletter
Read articles from h0neyp0t directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
h0neyp0t
h0neyp0t
Self-taught Pentester from France 🇫🇷 Cybersecurity | Coding | Productivity